[Web Install] Consider alternate approach to using * as an install_source

[HowardWolosky]

For install_sources, you mention the use of * as a way to grant access to all sites:

https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/ef5973793bb431e12222a803f14fde610e5a96f4/WebInstall/explainer_cross_domain.md?plain=1#L226

@dmurph had a good point for Scope Extensions in WICG/manifest-incubations#89, where he pointed out that using an asterisk can complicate URL parsing. Continuing with the feedback from that issue, you may want to consider two things:

1. The object in the install_sources may want to have a second property, similar to what Dan is suggesting for scope extensions that would allow for all sub-domains of the specified origin to be considered valid as well. Dan suggested treat_as_registrable_domain, although I'm not enthusiastic on that exact naming. (I believe that's based off of this).
2. Another top-level property in the web-manifest (possibly allow_all_install_sources) that would act as your global *. If set to true, the install_sources list would be ignored (if included). If set to false or absent, it would defer to whatever install_sources said.

[diekus]

@HowardWolosky I think we should go with the second option. While I like the first idea (not a fan of the naming either) I think the use case for scope extensions where you want to include multiple different domains is very different from web install where you might want to allow ANY domain to install the app.

[dmurph]

Some explanation on the naming - this is the eTLD+1.

https://developer.mozilla.org/en-US/docs/Glossary/eTLD

[dmurph]

This is the scope of cookies, for example.